ASB-A-243376549 — Vulnetix

ASB-A-243376549 PUBLISHED

In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	frameworks/av	12:0, 12L:0, 12L

Timeline

Feb 1, 2023 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2023-02-01 advisory
https://android.googlesource.com/platform/frameworks/av/+/23f552f22abd6bf336484c7085efd46bebd67d89 patch

Open in Interactive Console →